North Korea’s BeagleBoyz hackers tied to digital currency exchange hacks

Federal authorities in the United States have issued a warning against a North Korean hacker group that has reportedly been wreaking havoc in the financial services industry. The so-called BeagleBoyz has allegedly made off with over $2 billion since 2015. The U.S. government believes the group has resumed its activities in February 2020, targeting international money transfers and ATM cashouts.

In a joint statement, Department of Homeland Security, the FBI, the Department of Treasury and U.S Cyber Command alleged that the hackers have been active since 2014 and most likely an element of North Korea’s intelligence agency, the Reconnaissance General Bureau.

BeagleBoyz has been targeting financial institution since its formation, according to authorities. It’s responsible for the FASTCash ATM outage experienced in October 2018 as well as abuse of SWIFT system endpoints since 2015.

While banks have been their main targets, the hackers have also attacked digital currency exchanges, the report revealed. Some of their heists have resulted in the loss of hundreds of millions of dollars per incident.

According to the federal authorities, BeagleBoyz has been using COPPERHEDGE to exploit the exchanges. “COPPERHEDGE is a full-featured remote access tool capable of running arbitrary commands, performing system reconnaissance, and exfiltrating data,” the report detailed.

The group has targeted institutions across the globe, with Africa and Latin America being the worst affected. In one instance, a bank in an unnamed African country had to suspend its services for two months in 2018 after an attack on its FASTCash system. In yet another instance in the same year, the hackers crashed thousands of computers and servers for a Chilean bank in order to abuse its SWIFT terminal.

The agencies urged financial institutions to strengthen their cybersecurity measures to protect themselves against the group.

The warning comes at a time when the Department of Justice filed a civil forfeiture complaint against 280 digital currency accounts allegedly owned by North Korean hackers. According to the DoJ, the hackers had attacked an unnamed exchange and a blockchain investment firm, getting away with $2.7 million.

In March 2020, the DoJ also charged two Chinese nationals whom it accused of aiding North Korean hackers by laundering part of the $250 million they had allegedly stolen from South Korean exchanges.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.